Ensuring all VLANs/subnets are covered in VA & industry practices
Posted on 2016-10-06
As a governance/compliance person, I'm often not updated by the network teams when
new VLANs/subnets are created. The network diagram may not be updated in a timely manner either.
What are the surest ways to check? Get a read-only account on the core switch & issue
a command to see all the VLANs there? Or where is the best place/device to see all
VLANs/subnets in a corporate network?
For Cisco switches/routers, is there a way to automatically configure something to obtain
the output of a certain command (say 'show vlan all') & get it emailed out? Can Tripwire or
TACACS+ do this?
For internal VA scans, what are the subnets/VLANs that are scanned? Do they scan only
server VLANs/zones, i.e. DMZ, Apps/internal, DB & management zones (is
Management crucial), or users/PCs VLANs plus DR and UAT VLANs (where DR/UAT
servers sit) as well?
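
An added example, not part of the original post: one way to check the VA scan scope against the subnets a core switch actually routes, run over configuration pulled with a read-only account. It assumes the Layer 3 interfaces are SVIs in Cisco IOS running-config style; the function names, sample configuration and scan scope are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: SVI stanzas in Cisco IOS running-config style.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan20
 ip address 10.20.0.1 255.255.254.0
!
interface Vlan30
 ip address 10.30.0.1 255.255.255.0
!
interface Vlan40
 ip address 10.40.0.1 255.255.255.0
 ip address 10.41.0.1 255.255.255.0 secondary
!
interface Vlan99
 no ip address
"""
# Constructed sample: target ranges configured in the VA scanner.
SAMPLE_SCOPE = ["192.0.2.0/24", "10.20.0.0/24", "10.40.0.0/16"]

def svi_subnets(config):
    """Return {vlan_id: [networks]} for every SVI with an IP address."""
    found, vlan = {}, None
    for line in config.splitlines():
        m = re.match(r"interface Vlan(\d+)\s*$", line)
        if m:
            vlan = int(m.group(1))
        elif not line.startswith(" "):
            vlan = None  # left the interface stanza
        elif vlan is not None:
            m = re.match(r" ip address (\S+) (\S+)", line)
            if m:
                net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
                found.setdefault(vlan, []).append(net)
    return found

def coverage_gaps(config, scope):
    """Return (vlan, subnet, status) for each subnet the scope misses."""
    targets = [ipaddress.ip_network(s) for s in scope]
    gaps = []
    for vlan, nets in sorted(svi_subnets(config).items()):
        for net in nets:
            if not any(net.subnet_of(t) for t in targets):
                partial = any(net.overlaps(t) for t in targets)
                gaps.append((vlan, str(net), "partial" if partial else "missing"))
    return gaps
```

This only sees subnets that have an SVI on the device whose configuration is parsed; Layer 2-only VLANs and subnets routed on firewalls or other devices need their own configuration fed through the same comparison.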